|
222691
|
5.5 |
MEDIUM
Local
|
rubyzip_project
fedoraproject
redhat
|
rubyzip
fedora
cloudforms
|
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of servic…
|
NVD-CWE-noinfo
|
CVE-2019-16892
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222692
|
5.4 |
MEDIUM
Network
|
halo
|
halo
|
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16890
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222693
|
7.5 |
HIGH
Network
|
ui
|
er-x_firmware
er-x-sfp_firmware
ep-r6_firmware
erlite-3_firmware
erpoe-5_firmware
er-8_firmware
erpro-8_firmware
ep-r8_firmware
er-4_firmware
er-6p_firmware
er-12_firmwa…
|
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a vali…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-16889
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222694
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
|
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16887
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222695
|
7.5 |
HIGH
Network
|
string-interner_project
|
string-interner
|
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
|
CWE-416
Use After Free
|
CVE-2019-16882
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222696
|
7.5 |
HIGH
Network
|
linuxfoundation
docker
fedoraproject
opensuse
redhat
canonical
|
runc
docker
fedora
leap
enterprise_linux
openshift_container_platform
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
ubuntu_linux
|
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a m…
|
CWE-863
Incorrect Authorization
|
CVE-2019-16884
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222697
|
9.8 |
CRITICAL
Network
|
portaudio-rs_project
|
portaudio-rs
|
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and s…
|
CWE-416
Use After Free
|
CVE-2019-16881
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222698
|
9.8 |
CRITICAL
Network
|
linea_project
|
linea
|
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
|
CWE-415
Double Free
|
CVE-2019-16880
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222699
|
8.8 |
HIGH
Network
|
netgate
|
pfsense
|
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
|
CWE-78
OS Command
|
CVE-2019-16701
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222700
|
9.8 |
CRITICAL
Network
|
emlog
|
emlog
|
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
|
CWE-22
Path Traversal
|
CVE-2019-16868
|
2024-11-21 13:31 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
